
import requests

# 自行实现一个HTML实体字符转化功能
def str_html(source):
    result=''
    for c in source:
        result += '&#x' + hex(ord(c)) + ';'
    return result.replace('0x','')
# 从响应中检测payload是否有效
def check_resp(response,payload,type):
    index = response.find(payload)
    prefix = response[index-2:index-1]
    if type =='Normal' and prefix !='=' and index >=0:
        return True
    elif type == 'Prop' and prefix == '=' and index >=0:
        return True
    elif index >= 0:
        return True

    return False

# 实现扫描的主要功能
def xss_scan(href):

    url = href.split('?')[0]
    param = href.split('?')[-1].split('=')[0]
    with open('xss-payload.txt') as file:
        payload_list = file.readlines()

    for payload in payload_list:
        type = payload.strip().split(':',1)[0]
        payload = payload.strip().split(':',1)[1]
        if type == 'Referer' or type == 'User-Agent' or type == 'Cookie':
            header={type:payload}
            resp = requests.get(url=url,headers=header)
        else:
            resp=requests.get(url=url,params={param:payload})
        if check_resp(resp.text,payload,type):
            print(f"此处存在漏洞：{payload}")



# 按间距中的绿色按钮以运行脚本。
if __name__ == '__main__':
    xss_scan('http://localhost/xss/level11.php?keyword=test')

# 访问 https://www.jetbrains.com/help/pycharm/ 获取 PyCharm 帮助
